cybernews

Recorded data leak

Latest News


CVE-2024-44373 - AllSky Path Traversal Web Shell RCE

CVE ID : CVE-2024-44373
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to create a webshell and achieve remote code execution via the path and content parameters to /includes/save_file.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 19 Aug 2025 19:15:00 GMT


CVE-2025-31988 - HCL Digital Experience Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-31988
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.
Severity: 4.9 | MEDIUM
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-33008 - IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-33008
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-43737 - Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-43737
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter.
Severity: 5.1 | MEDIUM
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-43745 - Liferay Portal CSRF Attack

CVE ID : CVE-2025-43745
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to perform cross-origin requests on behalf of the authenticated user via the endpoint parameter.
Severity: 6.9 | MEDIUM
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-50891 - Adform Site Tracking Cross-Site Scripting (XSS)

CVE ID : CVE-2025-50891
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : Adform Site Tracking 1.1 allows attackers to inject HTML or execute arbitrary code via cookie hijacking.
Severity: 0.0 | NA
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-52338 - LogicData eCommerce Framework Authentication Bypass

CVE ID : CVE-2025-52338
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack.
Severity: 0.0 | NA
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-55303 - Astro Image Optimization Endpoint Protocol-Relative URL Injection

CVE ID : CVE-2025-55303
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include an /_image endpoint which returns optimized versions of images. A bug in impacted versions of astro allows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g. /_image?href=//example.com/image.png. This vulnerability is fixed in 5.13.2 and 4.16.18.
Severity: 6.9 | MEDIUM
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-55306 - GenX FX Exposed API Keys and Authentication Tokens

CVE ID : CVE-2025-55306
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : GenX_FX is an advanced AI trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.).
Severity: 9.8 | CRITICAL
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-55733 - DeepChat Custom URL Handler Remote Code Execution Vulnerability

CVE ID : CVE-2025-55733
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (deepchat:), causing the DeepChat application to launch and process the URL, leading to remote code execution on the victim’s machine. This vulnerability is fixed in 0.3.1.
Severity: 9.6 | CRITICAL
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-55734 - FlaskBlog Unauthenticated Access to Sensitive Pages

CVE ID : CVE-2025-55734
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page, but that control is not done for the pages routes/adminPanelComments.py and routes/adminPanelPosts.py. Thus, an unauthorized user can bypass the intended restrictions, leaking sensitive data and accessing the following pages: /admin/posts, /adminpanel/posts, /admin/comments, and /adminpanel/comments.
Severity: 6.9 | MEDIUM
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-55735 - FlaskBlog Stored XSS Vulnerability

CVE ID : CVE-2025-55735
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escape the rendered content. This can lead to a stored XSS inside the content of the post. The code that causes the problem is in template/routes.html.
Severity: 5.3 | MEDIUM
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-55736 - FlaskBlog Role Elevation Vulnerability

CVE ID : CVE-2025-55736
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change their role to "admin", gaining the associated privileges (e.g. deleting users, posts, comments, etc.). The problem is in the routes/adminPanelUsers file.
Severity: 9.3 | CRITICAL
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-9153 - itsourcecode Online Tour and Travel Management System File Upload Vulnerability

CVE ID : CVE-2025-9153
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-9154 - itsourcecode Online Tour and Travel Management System SQL Injection

CVE ID : CVE-2025-9154
Published : Aug. 19, 2025, 7:15 p.m. | 52 minutes ago
Description : A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Tue, 19 Aug 2025 19:15:00 GMT

CVE-2025-55153 - Apache HTTP Server XML Entity Injection

CVE ID : CVE-2025-55153
Published : Aug. 19, 2025, 6:15 p.m. | 1 hour, 52 minutes ago
Description : Rejected reason: This CVE is a duplicate of another CVE.
Severity: 0.0 | NA
Tue, 19 Aug 2025 18:15:00 GMT

CVE-2025-55294 - Screenshot-Desktop Command Injection Vulnerability

CVE ID : CVE-2025-55294
Published : Aug. 19, 2025, 6:15 p.m. | 1 hour, 52 minutes ago
Description : screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary command execution with the privileges of the calling process. This vulnerability is fixed in 1.15.2.
Severity: 9.8 | CRITICAL
Tue, 19 Aug 2025 18:15:00 GMT

CVE-2025-55295 - qBit Manage Path Traversal Vulnerability

CVE ID : CVE-2025-55295
Published : Aug. 19, 2025, 6:15 p.m. | 1 hour, 52 minutes ago
Description : qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbit_manage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restore_config_from_backup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the server filesystem by manipulating the backup_id parameter with path traversal sequences (e.g., ../). This vulnerability is fixed in 4.5.4.
Severity: 6.5 | MEDIUM
Tue, 19 Aug 2025 18:15:00 GMT

CVE-2025-8450 - Fortra FileCatalyst Unauthenticated File Upload Vulnerability

CVE ID : CVE-2025-8450
Published : Aug. 19, 2025, 6:15 p.m. | 1 hour, 52 minutes ago
Description : Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.
Severity: 8.2 | HIGH
Tue, 19 Aug 2025 18:15:00 GMT

CVE-2025-9149 - Wavlink Wireless.cgi Command Injection

CVE ID : CVE-2025-9149
Published : Aug. 19, 2025, 6:15 p.m. | 1 hour, 52 minutes ago
Description : A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Tue, 19 Aug 2025 18:15:00 GMT

CVE-2025-9150 - Surbowl Dormitory-Management-Php SQL Injection

CVE ID : CVE-2025-9150
Published : Aug. 19, 2025, 6:15 p.m. | 1 hour, 52 minutes ago
Description : A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.5 | HIGH
Tue, 19 Aug 2025 18:15:00 GMT

CVE-2025-9151 - LiuYuYang01 ThriveX-Blog Remote Unauthorized Access Vulnerability

CVE ID : CVE-2025-9151
Published : Aug. 19, 2025, 6:15 p.m. | 1 hour, 52 minutes ago
Description : A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /web_config/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Tue, 19 Aug 2025 18:15:00 GMT

CVE-2025-54881 - Mermaid Sequence Diagram Label XSS

CVE ID : CVE-2025-54881
Published : Aug. 19, 2025, 5:15 p.m. | 2 hours, 52 minutes ago
Description : Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS.
Severity: 5.3 | MEDIUM
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-9147 - JasonClark GetSemantic Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-9147
Published : Aug. 19, 2025, 5:15 p.m. | 2 hours, 52 minutes ago
Description : A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-9148 - CodePhiliaX Chat2DB JDBC Connection Handler SQL Injection Vulnerability

CVE ID : CVE-2025-9148
Published : Aug. 19, 2025, 5:15 p.m. | 2 hours, 52 minutes ago
Description : A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38605 - Qualcomm ath12k Wi-Fi Kernel Panic Vulnerability

CVE ID : CVE-2025-38605
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()

In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif->ar could become NULL and that would trigger kernel panic. Since the caller ath12k_dp_tx() already has a valid ab pointer, pass it directly to avoid panic and unnecessary dereferencing.

PC points to "ath12k_dp_tx+0x228/0x988 [ath12k]"
LR points to "ath12k_dp_tx+0xc8/0x988 [ath12k]".

The Backtrace obtained is as follows:
ath12k_dp_tx+0x228/0x988 [ath12k]
ath12k_mac_tx_check_max_limit+0x608/0x920 [ath12k]
ieee80211_process_measurement_req+0x320/0x348 [mac80211]
ieee80211_tx_dequeue+0x9ac/0x1518 [mac80211]
ieee80211_tx_dequeue+0xb14/0x1518 [mac80211]
ieee80211_tx_prepare_skb+0x224/0x254 [mac80211]
ieee80211_xmit+0xec/0x100 [mac80211]
__ieee80211_subif_start_xmit+0xc50/0xf40 [mac80211]
ieee80211_subif_start_xmit+0x2e8/0x308 [mac80211]
netdev_start_xmit+0x150/0x18c
dev_hard_start_xmit+0x74/0xc0

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38606 - Linux Kernel WiFi ath12k: Null Pointer Deref in Beacon Miss Handling

CVE ID : CVE-2025-38606
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss

During beacon miss handling, ath12k driver iterates over active virtual interfaces (vifs) and attempts to access the radio object (ar) via arvif->deflink->ar.

However, after commit aa80f12f3bed ("wifi: ath12k: defer vdev creation for MLO"), arvif is linked to a radio only after vdev creation, typically when a channel is assigned or a scan is requested. For P2P capable devices, a default P2P interface is created by wpa_supplicant along with regular station interfaces, these serve as dummy interfaces for P2P-capable stations, lack an associated netdev and initiate frequent scans to discover neighbor p2p devices. When a scan is initiated on such P2P vifs, driver selects destination radio (ar) based on scan frequency, creates a scan vdev, and attaches arvif to the radio. Once the scan completes or is aborted, the scan vdev is deleted, detaching arvif from the radio and leaving arvif->ar uninitialized.

While handling beacon miss for station interfaces, P2P interface is also encountered in the vif iteration and ath12k_mac_handle_beacon_miss_iter() tries to dereference the uninitialized arvif->deflink->ar.

Fix this by verifying that vdev is created for the arvif before accessing its ar during beacon miss handling and similar vif iterator callbacks.

==========================================================================
wlp6s0: detected beacon loss from AP (missed 7 beacons) - probing
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 5 UID: 0 PID: 0 Comm: swapper/5 Not tainted 6.16.0-rc1-wt-ath+ #2 PREEMPT(full)
RIP: 0010:ath12k_mac_handle_beacon_miss_iter+0xb5/0x1a0 [ath12k]
Call Trace:
__iterate_interfaces+0x11a/0x410 [mac80211]
ieee80211_iterate_active_interfaces_atomic+0x61/0x140 [mac80211]
ath12k_mac_handle_beacon_miss+0xa1/0xf0 [ath12k]
ath12k_roam_event+0x393/0x560 [ath12k]
ath12k_wmi_op_rx+0x1486/0x28c0 [ath12k]
ath12k_htc_process_trailer.isra.0+0x2fb/0x620 [ath12k]
ath12k_htc_rx_completion_handler+0x448/0x830 [ath12k]
ath12k_ce_recv_process_cb+0x549/0x9e0 [ath12k]
ath12k_ce_per_engine_service+0xbe/0xf0 [ath12k]
ath12k_pci_ce_workqueue+0x69/0x120 [ath12k]
process_one_work+0xe3a/0x1430

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00284.1-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38607 - Linux Kernel BPF Conditional Jump Vulnerability

CVE ID : CVE-2025-38607
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:

bpf: handle jset (if a & b ...) as a jump in CFG computation

BPF_JSET is a conditional jump and currently verifier.c:can_jump() does not know about that. This can lead to incorrect live registers and SCC computation.

E.g. in the following example:

1: r0 = 1;
2: r2 = 2;
3: if r1 & 0x7 goto +1;
4: exit;
5: r0 = r2;
6: exit;

W/o this fix insn_successors(3) will return only (4), a jump to (5) would be missed and r2 won't be marked as alive at (3).
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38608 - Linux Kernel ktls Uninitialized Data Corruption

CVE ID : CVE-2025-38608
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, we failed to recalculate the ciphertext length. This results in transmitting buffers containing uninitialized data during ciphertext transmission. This causes uninitialized bytes to be appended after a complete "Application Data" packet, leading to errors on the receiving end when parsing TLS record.
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38609 - Linux Kernel Null Pointer Dereference in devfreq Governor

CVE ID : CVE-2025-38609
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from struct devfreq") removes governor_name and uses governor->name to replace it. But devfreq->governor may be NULL and directly using devfreq->governor->name may cause null pointer exception. Move the check of governor to before using governor->name.
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38610 - Linux Powercap DTPM CPU NULL Pointer Dereference

CVE ID : CVE-2025-38610
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer dereference when em_cpu_get() returns NULL. This occurs when a CPU becomes impossible during runtime, causing get_cpu_device() to return NULL, which propagates through em_cpu_get() and leads to a crash when em_span_cpus() dereferences the NULL pointer. Add a NULL check after em_cpu_get() and return 0 if unavailable, matching the existing fallback behavior in __dtpm_cpu_setup(). [ rjw: Drop an excess empty code line ]
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38611 - Linux Kernel vmci Information Leak Vulnerability

CVE ID : CVE-2025-38611
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlocked_ioctl call in two different tasks. When init_context fails, the struct vmci_event_ctx is not fully initialized when executing vmci_datagram_dispatch() to send events to all vm contexts. This affects the datagram taken from the datagram queue of its context by another task, because the datagram payload is not initialized according to the size payload_size, which causes the kernel data to leak to the user space. Before dispatching the datagram, and before setting the payload content, explicitly set the payload content to 0 to avoid data leakage caused by incomplete payload initialization.
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38612 - Linux Kernel Fbtft Framebuffer Memory Leak Vulnerability

CVE ID : CVE-2025-38612
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully allocated, the memory allocated in fb_deferred_io_init() for info->pagerefs is not freed. Fix that by adding the cleanup function on the error path.
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38613 - Linux Kernel GPib Buffer Overflow

CVE ID : CVE-2025-38613
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is showing up as initialized data on the stack frame being copied back to userspace in function board_info_ioctl. The simplest fix is to initialize the entire struct to zero to ensure all unassigned padding fields are zero'd before being copied back to userspace.
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38614 - Linux Kernel Eventpoll Recursive Depth Unlimited Link Formation Vulnerability

CVE ID : CVE-2025-38614
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:

eventpoll: Fix semi-unbounded recursion

Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links.

Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some recursion depth checks, but those recursion depth checks don't limit the depth of the resulting tree for two reasons:

- They don't look upwards in the tree.
- If there are multiple downwards paths of different lengths, only one of the paths is actually considered for the depth check since commit 28d82dc1c4ed ("epoll: limit paths").

Essentially, the current recursion depth check in ep_loop_check_proc() just serves to prevent it from recursing too deeply while checking for loops.

A more thorough check is done in reverse_path_check() after the new graph edge has already been created; this checks, among other things, that no paths going upwards from any non-epoll file with a length of more than 5 edges exist. However, this check does not apply to non-epoll files.

As a result, it is possible to recurse to a depth of at least roughly 500, tested on v6.15. (I am unsure if deeper recursion is possible; and this may have changed with commit 8c44dac8add7 ("eventpoll: Fix priority inversion problem").)

To fix it:

1. In ep_loop_check_proc(), note the subtree depth of each visited node, and use subtree depths for the total depth calculation even when a subtree has already been visited.
2. Add ep_get_upwards_depth_proc() for similarly determining the maximum depth of an upwards walk.
3. In ep_loop_check(), use these values to limit the total path length between epoll nodes to EP_MAX_NESTS edges.
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-38615 - NTFS3 Linux Kernel Live Inode Eviction Vulnerability

CVE ID : CVE-2025-38615
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted i_link. When renaming, the file0's inode is marked as a bad inode because the file name cannot be deleted. The underlying bug is that make_bad_inode() is called on a live inode. In some cases it's "icache lookup finds a normal inode, d_splice_alias() is called to attach it to dentry, while another thread decides to call make_bad_inode() on it - that would evict it from icache, but we'd already found it there earlier". In some it's outright "we have an inode attached to dentry - that's how we got it in the first place; let's call make_bad_inode() on it just for shits and giggles".
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-51506 - HRForecast Suite SmartLibrary SQL Injection Vulnerability

CVE ID : CVE-2025-51506
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint.
Severity: 0.0 | NA
Tue, 19 Aug 2025 17:15:00 GMT

CVE-2025-52478 - n8n Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-52478
Published : Aug. 19, 2025, 5:15 p.m. | 1 hour, 37 minutes ago
Description : n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an